-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 There is no solution for ICQ with Squid now. You can only bypass proxying for ICQ clients. 13.11.15 14:41, Eugene M. Zheganin пишет: > Hi. > > Today I discovered that a bunch of old legacy ICQ clients that some > people till use have lost the ability to use HTTP CONNECT tunneling with > sslBump. No matter what I tried to allow direct splicing for them, all > was useless: > > - arranging them by dst ACL, and splicing that ACL > - arranging them by ssl::server_name ACL, and splicing it > > So I had to turn of sslBumping. Looks like it somehow interferes with > HTTP CONNECT even when splicing it. > Last version of sslBump part in the config was looking like that: > > > acl icqssl ssl::server_name login.icq.com > acl icqssl ssl::server_name go.icq.com > acl icqssl ssl::server_name ars.oscar.aol.com > acl icqssl ssl::server_name webim.qip.ru > acl icqssl ssl::server_name cb.icq.com > acl icqssl ssl::server_name wlogin.icq.com > acl icqssl ssl::server_name storage.qip.ru > acl icqssl ssl::server_name new.qip.ru > > acl icqlogin dst 178.237.20.58 > acl icqlogin dst 178.237.19.84 > acl icqlogin dst 94.100.186.23 > > ssl_bump splice children > ssl_bump splice sbol > ssl_bump splice icqlogin > ssl_bump splice icqssl icqport > ssl_bump splice icqproxy icqport > > ssl_bump bump interceptedssl > > ssl_bump peek step1 > ssl_bump bump unauthorized > ssl_bump bump entertainmentssl > ssl_bump splice all > > I'm not sure that ICQ clients use TLS, but in my previous experience > they were configured to use proxy, and to connect through proxy to the > login.icq.com host on port 443. > Sample log for unsuccessful attempts: > > 1447400500.311 21 192.168.2.117 TAG_NONE/503 0 CONNECT > login.icq.com:443 solodnikova_k HIER_NONE/- - > 1447400560.301 23 192.168.2.117 TAG_NONE/503 0 CONNECT > login.icq.com:443 solodnikova_k HIER_NONE/- - > 1447400624.832 359 192.168.2.117 TCP_TUNNEL/200 0 CONNECT > login.icq.com:443 solodnikova_k HIER_DIRECT/178.237.20.58 - > 1447400631.038 108 192.168.2.117 TCP_TUNNEL/200 0 CONNECT > login.icq.com:443 solodnikova_k HIER_DIRECT/178.237.20.58 - > > Thanks. > Eugene. > _______________________________________________ > squid-users mailing list > squid-users@xxxxxxxxxxxxxxxxxxxxx > http://lists.squid-cache.org/listinfo/squid-users -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWRetRAAoJENNXIZxhPexGbikH/0EqoRzosGamhDwM9h0tVMOJ 4rpARbMvHK3wejCgFkh+yp/X2kZi1+nRU9+baJ9vWAmKz6nqf7loFA3S+2s6HzNC 3WyAc+ICO5O2TtC+hSwPVOn4YCjbdROKSGTc/T6MoAnlfnEVIP9IV+Qb29F53bIE vcMovH4iH2zE7XfPwtZY7eBqEiBsiSG51dg744LHfTzJEYZWmGwTjd7LAQtIwO5e p+4FwG4oDxFksPXWEs4L2mpk8meKZvqP6CGTzTULYZdcokXcozTNw0YTz468MIzx 4zyDBZNdZXEZTLA5kL89OCVjfuXSm8WqggVvxq9SHqUYs2aJBVUHZRWNnvLhFMU= =v1X4 -----END PGP SIGNATURE----- _______________________________________________ squid-users mailing list squid-users@xxxxxxxxxxxxxxxxxxxxx http://lists.squid-cache.org/listinfo/squid-users
